Few jobs are as important within a network as configuring a router. Router configuration determines how your network is set up and how nearby devices can connect with each other. Poor configurations can lead to a service that doesn’t work or even worse, a connection that is vulnerable to outside interference. In this article we’re going to look at how you can configure your router to enjoy a quality connection year-round.
Configuring a Cisco Router
The first thing we’re going to look at in this guide is how to configure a Cisco router. In order to configure a Cisco router you’re going to need a:
- Cisco router (with console port)
- Rollover cable
- Console port on a computer (If the console port doesn’t fit an Ethernet cable then you’ll also need an RJ-45 to DB-9 adapter.)
Connecting to the Cisco IOS
In order to connect to Cisco IOS you need additional software. In this article we’re going to be using HyperTerminal. On Windows versions prior to Vista you can find HyperTerminal in the Start Menu > Accessories folder. However if you’re using Windows Vista or later you’ll actually have to download HyperTerminal. You can download HyperTerminal from this link here.
- To begin connecting to the IOS, open HyperTerminal and enter a name for your new connection. Press OK. Once you’ve done that you’ll be directed to another page.
- Go to the Connect using box and select COM3 as seen in the image below:
- Once you’ve selected COM3 press OK. This will open another dialog box with Port Settings at the top.
- Click Restore Defaults at the bottom of the screen.
- Press OK. At this point you want to turn your router on and off. This is referred to as the POST test (Power On Self Test). If your screen gets bombarded with information, then the process was a success. If you don’t see anything, recheck your physical connection and configuration.
- If you’re asked to enter a setup configuration simply type NO and press RETURN. Once you see the Press RETURN to get started message press Enter.
Adding Basic Settings to Your Router
You can also add basic settings to your router by following the instructions below. In general throughout the setup process you want to:
- Give the device a unique name so that you can tell it apart from other devices.
- Secure access by securing privileged EXEC, user EXEC and Telnet access. Make sure to encrypt any passwords you use.
- Configure a banner to warn potential intruders of illegal access.
- Save your configuration.
The commands below would configure your router with basic settings:
Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# hostname R1 R1(config)# R1(config)# enable secret class R1(config)# R1(config)# line console 0 R1(config-line)# password cisco R1(config-line)# login R1(config-line)# exit R1(config)# R1(config)# line vty 0 4 R1(config-line)# password cisco R1(config-line)# login R1(config-line)# exit R1(config)# R1(config)# service password-encryption R1(config)# R1(config)# banner motd $ Authorized Access Only! $ R1(config)# end R1# R1# copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] R1#
How to Secure a Cisco Router (Using No IP Directed-Broadcast)
As we mentioned in the Introduction, security is of paramount concern when it comes to configuring a router. Without it, you’re vulnerable to external threats. One of the most common ways routers are left open is through IP Directed-Broadcast. Smurf attacks (a Denial of Service attack) exploit this by taking up network resources in the form of an ICMP request to your connected devices.
The IP Directed-Broadcast is used to translate a directed broadcast into a physical broadcast. This can be problematic when dealing with smurf attacks. As a result, the No IP Directed-Broadcast command is one of the best lines of defense against these kinds of attacks because it shuts down this point of vulnerability.
If you’re using a Cisco IOS version lower than 12.0 then you’ll need to enter the No IP Directed-Broadcast command yourself. However, on Cisco versions greater than 12.0 you don’t have to do anything because No IP Directed-Broadcast will be activated by default.
However if you don’t know what version of Cisco IOS you’re currently using then you can type in the following commands in user exec mode:
Router> enable Router# show version Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.3 (14)T7, RELEASE SOFTWARE (f)
If the version number shown is higher than 12.0 then No IP Directed Broadcast is available by default. In the event that your version number is lower than version 12.0 then you’ll need to activate No IP Directed Broadcast yourself to stay protected.
When your version number is below 12.0 the first step you need to take before applying the No IP Directed Broadcast command is locating the naming settings of your router’s interface. This is shown in the image below:
You can see from the picture that the naming convention is FastEthernet o/o. This will be the information that you use to refer to interfaces in the future. At this point you need to apply the following command:
router> enable router# configure terminal Enter configuration commands, one per line. End with CNTL/Z router(config)# interface FastEthernet 0/0 router(config-if)# no ip directed-broadcast
The more interfaces you apply this command to, the more secure you’ll be against potential attacks. While you can create access lists to allow or block IP Directed-Broadcasts this is rarely worth the hassle as IP Directed-Broadcasts is rarely used. The most important thing is to make sure that you have No IP Directed-Broadcasts enabled. Without it you’ll be vulnerable to external threats.
Learning to Configure a Router with Packet Tracer
One of the most common ways to configure a router is with Cisco Packet Tracer. Packet Tracer is a development program that allows the user to build networks of devices and connect them together. Essentially this simulation program allows you to design elaborate networks with topology objects that can be linked together with cables. It allows you to develop a better understanding of how your network functions from a geographical perspective.
However, like simulation programs Packet Tracer has somewhat of a jarring user interface. If you’re new to Packet Tracer it will take a little time for you to acclimate and get used to where everything is. The most important thing to understand is you aren’t just drawing up network maps, you are also simulating the operation of equipment so you need to make sure that you do everything right; otherwise your virtual network won’t function.
Before we begin, you’ll need to download Packet Tracer. You can download it from this link here. Once you’ve downloaded Packet Tracer it is time to start configuring your router. In this example we’re going to keep network design as simple as possible so that it’s not too confusing.
- Open the program and add a router to the central canvas by clicking on the Router icon and dragging the router to the center of the canvas. You can find the router in the bottom left hand corner of the screen (it is the icon just below the timestamp with four arrows). This is shown in the image below:
- Next you want to select end devices from the bottom left hand corner to add your devices. Here we’re going to add two computers.
- Click on the Computer icon and drag it to the central canvas. Once you’ve done this click Connections in the bottom left hand corner and look for the crossover cable. You’ll find this in the menu to the right of the Connections section.
- Now click on the Router and click FastEtherneto/o to connect the cable as shown in the image below:
- Go to the PC0 computer and click FastEthernet. This will partially link the router and first computer. However, at this point the connection isn’t completely established. The red dots on the screen indicate that the connection is not active. This will change once the router has been configured.
- Before configuring the router you first need to make sure that the other computer, PC1, is connected. You can do this by clicking PC1 and selecting FastEthernet0/1. At this stage your network should look similar to the image below:
Configuring the Router
Now it is time to configure the router.
- The first step is to check if the router is turned on. To do this click on the router.This will open the Configuration menu. Here you want to look at the graphical representation of the router and make sure there is a green light. You can see a router that is turned on in the image below:Now that we’ve established the router is on we need to open the Ethernet ports. By default ports are in a state of administrative shut down where they are connected but not operational.
- To activate them you need to go to the CLI tab and open the Configuration menu.
- Press Return to start the session.
- Next enter enable to launch privilege mode.
- Enter config terminal or config t to access the Configuration menu.
- Enter interface fastetherneto/o so you can access Etherneto/o.
- Enter the following IP address: 192.168.10.1 255.255.255.0 to assign an IP address and subnet mask to your interface.
- Type no shutdown to activate the interface.Now you should receive the following message:%LINK-5-CHANGED: Interface FastEtherneto/o, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEtherneto/o, changed state to upOnce you see this message it is time to configure the other computer or PC1.
- You can do this by pressing Ctrl + Z and typing interface fastetherneto/1.
- Type the following IP address 192.168.20.1 255.255.255.0 and press no shutdown. This will ensure the router is fully configured.
Getting the Computers to Communicate: Configuring the Gateways
Even though you’ve set up the router, the computers won’t be able to communicate until you configure the gateway on each computer. Activating the gateway will allow both computers to interface with the network.
- To begin configuring the gateway click on PC0 to open the Configuration menu.
- Go to Global Settings under the Config tab.The Global Settings menu can be seen below:
- Look through the Global Settings view to find a field for the gateway.
- Enter the IP address you used for the router’s interface: 192.168.10.1.
- Go to the left-hand column and select the FastEthernet tab to set the computer’s IP address. You want to enter the IP address as 192.168.10.2 and the subnet mask as 255.255.255.0 like we did earlier.
- Next do the same for PC1; however, instead you want to enter 192.168.20.1 for the gateway address, 192.168.20.2 for the IP address, and 255.255.255.0 for the subnet mask.Once this has been done, it is a good idea to test the connection between the computers to see if they are up and running.
- You can do this by sending a packet from PC0 to PC1. To do this, click the packet icon from the menu on the right hand side of the main canvas as pictured below:
- Now to test the connection you can click on PC0 and PC1. If the connection is successful then you’ll be notified on the bottom right-hand side of the screen by a Successful message. If it doesn’t work, go back and re-check your syntax to make sure everything is correct.
Router Configuration with Packet Tracer
This concludes our guide to configuring a router. Whether you choose to use Packet Tracer or another tool there are many ways to go about configuring your router. There are an abundance of online resources to assist you with the basics. The most important thing is to have a clear end goal in mind. Because what you’re aiming to achieve will impact how you configure your router considerably.